CVE-2017-3230

Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware MapViewer versions 11.1.1.9, 12.2.1.1, 12.2.1.2

Description The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks can result in unauthorized creation, deletion, or modification access to critical data, as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. Additionally, it can cause a partial denial of service of Oracle Fusion Middleware MapViewer.

Recommendations For versions 11.1.1.9, 12.2.1.1, and 12.2.1.2, consider restricting access to the MapViewer component until a patch is available. As a temporary workaround, consider disabling the FileUploaderServlet to minimize the risk of exploitation. Avoid using the fileName parameter in the affected HTTP endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.